CNN and others have reported on the hacking of the adult dating site AdultFriendFinder, where members enter their interests in non-traditional sexual relationships. Over 3 million members “interests” and other information were revealed in the data released so far.
According to the site, it has “helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners.” AdultFriendFinder claims to have over 60 million members, but data has been released on only around 3.5 million of those members. Whether the hacker has more data to release later or not is unclear.
Information revealed includes email address, birthday, password and sexual preferences. From this information, it is pretty easy to use social media and Google to figure people’s names.
The Mirror is saying that nude pictures of members were also part of the hacked data.
CIO magazine said that credit card data may be among the hacked data as well, but removed from the data available for sale. They said the database is available for 70 bitcoins or around $17,000.
The hacker who claims to have done this said that he attempted to blackmail the site for $100,000, which I gather they did not pay.
Other hackers on the forum said that they planned to use the information to attack victims. Apparently, a number of the members are government employees, including law enforcement. One potential form of attack would be to blackmail the victims.
FriendFinder Networks, who owns the site along with other adult sites and publications, said that they didn’t know the extent of the breach, but were working with law enforcement and Mandiant.
In a statement they said “We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected,”
I am not sure how they might protect their customers – I don’t think there is reputation protection insurance available.
While users of a site like this should have an expectation of privacy, this should be a reminder that there are no guarantees.